DaemonForums  

#1
4th July 2013
KintaroBC
New User

Join Date: Jul 2011
Posts: 7
Thanked 0 Times in 0 Posts
Best way to do webserver permissions for multiuser?

I have a webserver with multiple users; nginx runs as www and php-fpm runs scripts as particular users. Users' sites go in /var/www/sites/username and this works. I'm wondering what the most secure way to do permissions is.
#2
4th July 2013
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,695
Thanked 214 Times in 189 Posts

What is your definition of "most secure"?

What method(s) are you using for authentication?

What permissions do you want to grant?
#3
5th July 2013
Torxed
Port Guard

Join Date: Jul 2013
Location: Sweden
Posts: 10
Thanked 0 Times in 0 Posts

Are you referring to "permissions" as folder/file permissions?
If you want individual user files to be owned only by the users, then chmod -R 600 and chown -R user.wheel /var/www/username?
#4
8th July 2013
KintaroBC
New User

Join Date: Jul 2011
Posts: 7
Thanked 0 Times in 0 Posts

I want files owned by users, but accessible by the webserver for reading. I think having them owned by the user but with the group www, as I'm doing now, works. However, I'm not quite sure if new files will be owned by group www without the user in that group. fpm runs as users, so php config files can be set readable only by the user to prevent other users screwing around in the database.

If files in a directory owned by a user but with group www can be created and whatnot (for everything a user would want to do with their website), and I don't need to put users in the group www, it would be great. That way users can only see their files, and nginx can see everything it needs.
#5
8th July 2013
KintaroBC
New User

Join Date: Jul 2011
Posts: 7
Thanked 0 Times in 0 Posts

I just realized I can put www in the users' groups. This should do the job, I think.
#6
10th July 2013
KintaroBC
New User

Join Date: Jul 2011
Posts: 7
Thanked 0 Times in 0 Posts

Just for the record, the best way actually seems to be to have directories owned by www with the user's group, for example chown www:john /var/www/sites/johntate.org and chmod 570 /var/www/sites/johntate.org
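
A mode-only audit for the per-site layout discussed in this thread, added here as an example and not written by any of the posters. The function names and the sample tree are constructed for illustration; the script checks permission bits only, not ownership, so it runs without root.

```shell
#!/bin/sh
# Added example: audit a /var/www/sites/<site> style tree by permission bits.
# Function names are hypothetical; ownership (chown) is not checked.

# Entries that grant any permission bit to "other" (visible to every local user).
world_accessible() {
    find "$1" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Directories the group cannot traverse; a web server that reaches the tree
# through group permissions cannot serve anything below them.
group_blocked_dirs() {
    find "$1" -type d ! -perm -0010 -print
}

# Report per site and return non-zero if anything was found.
audit_sites() {
    total=0
    for site in "$1"/*; do
        [ -d "$site" ] || continue
        open=$(($(world_accessible "$site" | wc -l)))
        blocked=$(($(group_blocked_dirs "$site" | wc -l)))
        printf '%s: %d world-accessible, %d group-blocked dirs\n' \
            "$site" "$open" "$blocked"
        total=$((total + open + blocked))
    done
    [ "$total" -eq 0 ]
}

# Constructed sample: "good" uses the modes from post #6 (directory 570) with a
# 600 config file; "leaky" has a world-readable config file and a directory
# without the group x bit.
sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/good" "$root/leaky/private"
    : > "$root/good/config.php";  chmod 600 "$root/good/config.php"
    : > "$root/leaky/config.php"; chmod 644 "$root/leaky/config.php"
    chmod 700 "$root/leaky/private"
    chmod 750 "$root/leaky"
    chmod 570 "$root/good"
    printf '%s\n' "$root"
}

# Usage once the functions are loaded: audit_sites /var/www/sites
```
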